search_alarms
Query and filter network alarms by type, status, IP, region, or device using Firewalla syntax. Group, sort, and paginate results for efficient alarm management and monitoring on the firewalla-mcp-server.
Instructions
Search alarms using full-text or field filters. Alarm types: 1=Security Activity, 2=Abnormal Upload, 3=Large Bandwidth Usage, 4=Monthly Data Plan, 5=New Device, 6=Device Back Online, 7=Device Offline, 8=Video Activity, 9=Gaming Activity, 10=Porn Activity, 11=VPN Activity, 12=VPN Connection Restored, 13=VPN Connection Error, 14=Open Port, 15=Internet Connectivity Update, 16=Large Upload.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cursor | No | Pagination cursor from previous response | |
| groupBy | No | Group alarms by specified fields (comma-separated) | |
| limit | No | Maximum results (optional, default: 200, API maximum: 500) | |
| query | No | Search query using Firewalla syntax. Supported fields: type:1-16 (see alarm types above), resolved:true/false, status:1/2 (active/archived), source_ip:192.168.*, region:US (country code), gid:box_id, device.name:*, message:"text search". Examples: "type:8 AND region:US" (video from US), "type:10 AND status:1" (active porn alerts), "source_ip:192.168.* AND NOT resolved:true" | |
| sortBy | No | Sort alarms (default: ts:desc) |